Tue, 25 May 2010

I've been noticing many different copies of my Windows liveusb-creator popping up on various sketchy-looking download sites. The majority of these copies contain a variant of the Vundo Trojan.

"Vundo, or the Vundo Trojan (also known as Virtumonde or Virtumondo and sometimes referred to as MS Juan) is a Trojan horse that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook."

So, if you downloaded a copy of the Windows liveusb-creator from anywhere other than https://fedorahosted.org/liveusb-creator -- you could be infected. Apparently the latest variation of this trojan is undetectable by most antivirus software (although clamav was able to recognize the one that I found), so you may need to look around for some of the common symptoms. There is apparently a tool that will remove this trojan, which can be found here; however, I have not tested it and cannot vouch for its validity.

If anyone was actually hit by this, I'd be interested to hear about it.

Also, to state the blatantly obvious: only download the liveusb-creator from the homepage!

But a SHA1 is not an MD5, though... and information is not "infirmation" either, unless your intent is to cripple the thing and hospitalise it! Are you certain it's a virus? How can you write bug-free code, if you can't spell? :-p

In any case, my issue with liveUSB booting of any kind is that while that technique is okay for either running live constantly or installing to only a single hard drive, it fails miserably whenever anyone tries to perform an install into a system that has more than one hard drive because booting from a liveUSB stick in the first place always screws up the drive detection and so when you go to reboot after a multi-drive installation, the reboot fails because /dev/sdc (or whatever) then becomes /dev/sdb (or whatever) instead, as soon as the stick is removed. So, you're stuck with rebooting live yet again and then manually patching-up the newly-installed fstab, just to get the hard disk boot to work properly. Certainly a stupid annoyance, in my opinion.

This will update the bootloader on the specified drive, so make sure to get it right.

Another option is to replace the syslinux.exe file LiveUSB Creator uses with the new one and run LiveUSB Creator again. The file goes into the "tools" directory. So, if LiveUSB Creator was installed to C:\Program Files\LiveUSB Creator, it needs to go in C:\Program Files\LiveUSB Creator\tools.